jackrabbit-oak-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jukka Zitting <jukka.zitt...@gmail.com>
Subject Re: oak-api and move operations
Date Tue, 03 Apr 2012 09:55:55 GMT

On Tue, Apr 3, 2012 at 11:23 AM, Angela Schreiber <anchela@adobe.com> wrote:
> but please be aware that we need to make sure that we need
> to have a separate layer in place that enforces authorization
> and prevents direct write operations on the MK from higher
> levels... or the other way round: if we expose the MK to
> higher levels we have to move both the complete authentication and
> authorization process on the MK layer, which would look quite
> wrong to me.

The "private branch" concept is just that, "private". Anything written
to such a branch is not made visible to any other clients, so there
should be no need to enforce access controls on it.

So far the only place where we do need to enforce write access controls is:

    * Before calling MicroKernel.commit()

With the branch concept as proposed, this would change to:

   * Before calling MicroKernel.commit() on a non-branch revision
   * Before calling MicroKernel.merge()


Jukka Zitting

View raw message